Reader Comments (25)

"The original hypothesis was that the data had been taken by a person or persons unknown ranging from an individual acting alone to an organised group engaged in espionage or offences linked to terrorism and potentially linked to foreign governments and/or organisations with significant commercial interests. Whilst the terrorism element quickly receded the other elements of the hypothesis remained current throughout the investigation."

As a result the 220,000 in an encrypted zip file must be an extract and we can probably expect it to have a similar ratio of interesting to boring material.

I doubt that UEA can risk getting rid of the server and 54 GB is a huge amount to search and process but they will need to understand what is potentially out there. I can see them trying to get the server exempt from FOI but I think they will take a huge risk if they trash the server.

An anonymous leaker or hacker was able to obtain pertinent individual email messages from 54 GB of data in a short period of time. And apparently Hewlett-Packard compared FOIA2011.zip files with the server and determine that the FOIA2011.zip archive was genuine.

Will the UEA be reduced to claiming that they are unable to reproduce these extraordinarily sophisticated feats despite their unfettered access and clear ownership of the machine in question?

"If it were just a lot of chit-chat between scientists and innocuous data who would care?"If that innocuous data were to be adopted by national and international policymakers as a justification for trillion dollar changes to energy and economic policies, sending the world back to prehistoric times, well, what would the Plod make of that then? A bit of terrorism we can all understand, but sending the planet back to the stone age, or the global redistribution of wealth, well, how do you kettle that?

Depends entirely on what it is, a jumble of binarys and unrelated document formats, could take some time. As a set of text blocks searchable by character combination, or sytematic data e.g finance spreadsheets in a common format not so much.

tend to agree though that the timespan between snatch and spill, argues against brute force techniques and towards some familiarity with the data.

The report is interesting in that it shows the total incompetence of the police operation. It's quite clear that they did not ask the sceptic community any sensible questions (if any questions at all) and did not even bother to study the sceptic blogs -

1. "a relatively high number of similar requests in what appears to have been an orchestrated campaign." Well if they had looked at CA they would have seen the comment where Steve M said "I suggest that interested readers can participate by choosing 5 countries and sending the following FOI request to david.palmer at uea.ac.uk:"Whether this is at all relevant to the email release is debatable of course.

2. "Of the four websites known to have been used to signpost FOI 2011..." I know of six.

The advice I received on behalf of SCEF when I initiated a complaint against the UEA with the police, is that the police will not take such a complaint seriously unless we engage a solicitor. Which is clearly true, because the Norfolk police only got back to say "contact your local force" and Strathclyde Police didn't even reply to my email.

The position is made all the worse because the police have this delusion about us being funded by "organisations with significant commercial interests".

If there are such organisations, they must have taken the very strange line of denying sceptics any funding so that we look like a bunch of amateurs with no funding except member donations.

So, the only practical avenues for legal action are:

1. To hope that these "organisations with significant commercial interests", wake up and pay the solicitors to bring the case against the UEA.2. For individuals who e.g. sent in FOI requests which the UEA illegally denied, to take a case against them in the small claims court (which will take a lot of time and effort rather than money), and hope the publicity would trigger a bigger police investigation into the various allegations against the UEA.

And, the most annoying thing is that if only I'd followed the rest of the crowd and sent in an FOI request to the UEA when everyone else was doing so (and not to the Met Office as I did), I would now be able to take them to court to recover the time and effort spent in preparing my FOI request, and by doing so, I would have a legal judgement the UEA broke the FOI law and not just the Information Commission's ruling.

"The Russian secret service has been accused of masterminding the theft of the confidential data from one of the world's leading centres of climate change research. The charge comes as news emerges that hacked climate scientists have received death threats."

So the police and security services would have been oblidged to investigate those claims and rule them in or out of the investigation. Given the money involved in climate change, if any state actor were behind it, if could be considered economic warfare or terrorism. It's a shame the FSB didn't release the results of their investigation, as they threatened to do if people didn't stop blaming them.

54Gb downloaded and it definitely wasn't an inside job. Yeah right, and the Norfolk Plod also believe in the tooth fairy and father christmas, and they think that backing from the Met Plod justifies their claim (the Met lost the keys to Wembley Stadium on Monday).

The report is interesting in that it shows the total incompetence of the police operation.It's quite clear that they did not ask the sceptic community any sensible questions (if any questions at all) and did not...

Yes.

- They asked Steve McIntyre his views on climate change but they did not ask him for the the IP address from which “RC” posted the initial notice of the release of the files.

- They did not ask Steve Mosher (who identified Gleick as the Heartland hacker, and who thinks it was someone within UEA) who he thought was the culprit "because he probably would not tell us" (or similar words - according to the press interview).

Either incompetence or a completely competent look through the wrong end of the telescope in the wrong direction, to be sure of avoiding finding something that would be very embarrassing indeed?

To: Jul 31, 2012 at 4:36 PM | Atomic Hairdryer Re: "So the police and security services would have been obliged to investigate those claims and rule them in or out of the investigation.”

This is the excuse which is to be accepted by the community. Even though the police appear to have done the opposite in reality. They did not ask people or questions which might have produced a real lead; they put up questions like the Russian one and do whatever it is they did (probably ignoring that question with equal glee).

Either incompetence or a completely competent look through the wrong end of the telescope in the wrong direction, to be sure of avoiding finding something that would be very embarrassing indeed?

IOW, they were following the "lead" established by Muir Russell: Oxburgh & Penn State: If you ask the wrong questions of the wrong people, you are well on your way to ensuring that you will get the right answer.

Btw, a few curious items I found in this closure report ...

If you search for the origins of "‘sophisticated and carefully orchestrated" [which appeared twice in the July 18 "News Release"] you will find that by the time this report was generated [July 24, according to the pdf properties], that half of it has, well, disappeared. All that's left is (p. 5):

It is highly relevant to note that QinetiQ are of the view that the attack upon the UEA ICT infrastructure was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.

Although it's possible that "highly relevant ... highly sophisticated ... highly competent" make up for the absence of "carefully orchestrated". I wonder if they have a scale for determining when it's appropriate to use "highly" three times in one sentence! Perhaps there's even a formula that let's them "translate" three highly's into two instances of "carefully orchestrated" in a News Release! But I digress ...

"Orchestrated" does appear in this report, btw - but only once, as I think Paul Matthews had noted above (p. 3):

June 2009 – a data request is made under FOI, which is refused. This is followed by a relatively high number of similar requests in what appears to have been an orchestrated campaign.

I'm not sure how long it might have taken them to make the brilliant discovery (p. 4) that:

it is normal for the transaction logs on proxy servers to be switched off or to be overwritten within 24 or 48 hours

But this does strongly suggest that (as their timeline indicates on p. 3), since their "major investigation" was not launched until Nov. 23, this was well past the "24-48 hours" window of opportunity for gleaning any useful information from any proxy server logs. Although - while I'm sure its just coincidence - Nov. 23 just happened to be the date of Gavin's "reconstruction" of the details!